Sonarqube error during sonarqube analysis in .Net - pass only using sonar.scanner.useSonarScannerCLI

Hi everyone,

We are getting an error during the sonarqube process:

14:20:42.971  Starting with Scanner for .NET v8 the way the `sonar.projectBaseDir` property is automatically detected has changed and this has an impact on the files that are analyzed and other properties that are resolved relative to it like `sonar.exclusions` and `sonar.test.exclusions`. If you would like to customize the behavior, please set the `sonar.projectBaseDir` property to point to a directory that contains all the source code you want to analyze. The path may be relative (to the directory from which the analysis was started) or absolute.
14:20:43.134  WARNING: File '/home/runner/.nuget/packages/microsoft.net.test.sdk/17.13.0/build/netcoreapp3.1/Microsoft.NET.Test.Sdk.Program.cs' does not exist.
14:20:43.171  Could not find Java in Analysis Config: 
14:20:43.171  Found 'JAVA_HOME': /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64
14:20:43.171  Using Java found in JAVA_HOME: /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64/bin/java
14:20:43.189  Error: Unable to access jarfile /home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/sonar-scanner-engine-shaded-10.7.0.96327-all.jar
Unhandled exception. System.IO.IOException: Pipe is broken.
   at System.IO.Pipes.PipeStream.CheckWriteOperations()
   at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder)
   at System.IO.StreamWriter.Dispose(Boolean disposing)
   at System.IO.TextWriter.Dispose()
   at SonarScanner.MSBuild.Common.ProcessRunner.Execute(ProcessRunnerArguments runnerArgs)
   at SonarScanner.MSBuild.Shim.SonarEngineWrapper.Execute(ProcessRunnerArguments args)
   at SonarScanner.MSBuild.Shim.SonarEngineWrapper.Execute(AnalysisConfig config, String standardInput, IAnalysisPropertyProvider userCmdLineArguments)
   at SonarScanner.MSBuild.PostProcessor.PostProcessor.InvokeScannerEngine(IAnalysisPropertyProvider cmdLineArgs, AnalysisConfig config, ScannerEngineInput input)
   at SonarScanner.MSBuild.PostProcessor.PostProcessor.Execute(String[] args, AnalysisConfig config, IBuildSettings settings)
   at SonarScanner.MSBuild.BootstrapperClass.PostProcess()
   at SonarScanner.MSBuild.BootstrapperClass.Execute()
   at SonarScanner.MSBuild.Program.Execute(String[] args, IRuntime runtime)
   at SonarScanner.MSBuild.Program.Main(String[] args)
   at SonarScanner.MSBuild.Program.<Main>(String[] args)

After some researches we have to pass the following parameters to work:

sonar.scanner.useSonarScannerCLI=true

Is there any issue regarding new versions?

Hello @marcilioneto,

Is there any issue regarding new versions?

This was quite a big internal change and it seems you found an issue. Using sonar.scanner.useSonarScannerCLI=true is the fallback to unblock you.

Please help us finding the root cause of the problem. Can you please provide more details about the environment you are using?

Share your pipeline

If you are using the scanner in a Continuous Integration pipeline, please share the pipeline definition and which CI environment you are using (GitHub Action, AzureDevops, etc.). Make sure to redact any secrets from you pipeline definition before posting it here.

Share the Scanner for .NET verbose logs

Please provide verbose logs with sonar.scanner.useSonarScannerCLI=false:

Add /d:"sonar.verbose=true" to the Scanner BEGIN step. Examples:

dotnet sonarscanner begin /k:"MyProject" /d:"sonar.verbose=true"

SonarScanner.MSBuild.exe begin /k:"MyProject" /d:"sonar.verbose=true"

- task: SonarCloudPrepare@3 # or SonarQubePrepare@3
    inputs:
      SonarCloud: 'sonarcloud'
      organization: 'foo'
      scannerMode: 'dotnet'
      projectKey: 'foo_sonar-scanning-someconsoleapp'
      projectName: 'sonar-scanning-someconsoleapp'
      extraProperties: |
        sonar.verbose=true

Please note that most of the relevant logging will happen during the END step, i.e. in SonarCloudAnalyze, SonarQubeAnalyze or Run Code Analysis.

Hey Martin, we got another error from the sonarqube sonnar.

See bellow:

#  -Dsonar.cpd.exclusions="**/__test__/**,**/*.spec.*,**/*.test.*"
  #  -Dsonar.coverage.exclusions="**/__test__/**,**/*.spec.*,**/*.test.*"
  
  # Only use branch input if it is the same as the default branch, otherwise let sonar determine the branch name
  # For tags we must use the default branch name since we do not run analysis on the default branch
  if [ "ci/config-env" == "main" ]; then
    branch_param="-Dsonar.branch.name=ci/config-env"
  else
    branch_param=""
  fi
  
  sonar-scanner \
    -Dsonar.projectKey="XXXXXX" \
    -Dsonar.projectName="XXXXXX" \
    -Dsonar.projectVersion="XXXXXX" \
    -Dsonar.host.url="https://XXXXXX" \
    -Dsonar.token="***" \
    -Dsonar.sources="." \
    -Dsonar.exclusions="**/dist/**,**/node_modules/**,**/TestResults/**,**/__test__/**,**/*.spec.*,**/*.test.*,*.config.*,**/__mocks__/**,**/i18n/**" \
    -Dsonar.tests="." \
    -Dsonar.test.inclusions="**/__test__/**,**/*.spec.*,**/*.test.*,**/__mocks__/**" \
    -Dsonar.test.exclusions="**/dist/**,**/node_modules/**,**/TestResults/**" \
    -Dsonar.qualitygate.wait=true \
    -Dsonar.dependencyCheck.htmlReportPath="./TestResults/dependency-check-report.html" \
    -Dsonar.dependencyCheck.jsonReportPath="./TestResults/dependency-check-report.json" \
    -Dsonar.dependencyCheck.summarize=true \
    -Dsonar.javascript.lcov.reportPaths="./TestResults/coverage/lcov.info" \
    -Dsonar.junit.reportPaths="./TestResults/junit.xml" \
    $branch_param
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
    GITHUB_APP_TOKEN: ***
    JAVA_HOME: /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64
    JAVA_HOME_21_X64: /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64
[INFO]  Bootstrapper: Retrieving info from "package.json" file
[INFO]  Bootstrapper: Platform: linux x64
[INFO]  Bootstrapper: Server URL: https://sonarqube.blip.tools
[INFO]  Bootstrapper: Version: 4.3.1
[INFO]  Bootstrapper: SonarQube server version: 10.7.0
[INFO]  Bootstrapper: JRE provisioning is supported
[INFO]  Bootstrapper: Using JRE from the cache
node:events:491
      throw er; // Unhandled 'error' event
      ^

Error: spawn /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz_extracted/jdk-17.0.11+9-jre/bin/java ENOENT
    at Process.ChildProcess._handle.onexit (node:internal/child_process:285:19)
    at onErrorNT (node:internal/child_process:485:16)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)
Emitted 'error' event on ChildProcess instance at:
    at Process.ChildProcess._handle.onexit (node:internal/child_process:291:12)
    at onErrorNT (node:internal/child_process:485:16)
    at processTicksAndRejections (node:internal/process/task_queues:83:21) {
  errno: -2,
  code: 'ENOENT',
  syscall: 'spawn /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz_extracted/jdk-17.0.11+9-jre/bin/java',
  path: '/home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz_extracted/jdk-17.0.11+9-jre/bin/java',
  spawnargs: [
    '-jar',
    '/home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/sonar-scanner-engine-shaded-10.7.0.96327-all.jar'
  ]
}

This is from a npm project - different from .Net but I believe is the same reason. I’m getting the logs from .net execution and asap get back to you.

Regards.

This is strange.
The error you send shows that /home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/sonar-scanner-engine-shaded-10.7.0.96327-all.jar can not be found on the disk (code: ‘ENOENT’ means “No such file or directory”).
The error was generated by the SonarScanner for NPM which is different from the SonarScanner for .NET.
What is interesting is that both these scanner implement the “download and cache the sonar-scanner-engine-all.jar” separately (one in JavaScript/NodeJs and one in C#/.Net) and both are having trouble with that particular file.
Do you have access to the machine where these scanners are executing? If so, can you list the directory content of the cache folder: ls -la /home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/. Make sure to specify -la, so we can see if there are symbolic links or the like involved here.
Please make also sure that the directory /home/runner/.sonar/cache/bcb1b7b8ad68c93093f09b591b7cb17161d39891f7d29d33a586f5a328603707/OpenJDK17U-jre_x64_linux_hotspot_17.0.11_9.tar.gz_extracted/jdk-17.0.11+9-jre/bin/ exists and list its content as well. From the error it isn’t entirely clear if the java executable is causing the error or the parameter -jar .../sonar-scanner-engine-all.jar is responsible for the ENOENT.
In any case it would help if you could tell a little bit more about the environment the scanners are running in. See my comments here for details.

Can you please also add -Dsonar.verbose=true to the sonar-scanner invocation of the scanner for NPM you mentioned here? I asked @victor.diez from the NPM scanner to have a look as well and he needs the verbose logs (as I do for the scanner for .Net).

Hey Martin, I just added the verbose=true and receive the following log:

------------------------------------------------------------------------
14:31:59.379  Writing processing summary to /home/runner/_work/<my_repo>/<my_repo>/.sonarqube/out/ProjectInfo.log
14:31:59.407  Could not find Java in Analysis Config: 
14:31:59.407  Found 'JAVA_HOME': /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64
14:31:59.407  Using Java found in JAVA_HOME: /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64/bin/java
14:31:59.414  Could not import the truststore '/usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts' with the default password at index 0. Reason: ASN1 corrupted data.
14:31:59.414  Could not import the truststore '/usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts' with the default password at index 1. Reason: ASN1 corrupted data.
14:31:59.422  Executing file /home/runner/_work/_tool/Java_Temurin-Hotspot_jre/21.0.8-9.0.LTS/x64/bin/java
  Args: -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-21-openjdk-amd64/lib/security/cacerts -jar /home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/sonar-scanner-engine-shaded-10.7.0.96327-all.jar <sensitive data removed>
  Working directory: /home/runner/_work/model-context-server/model-context-server
  Timeout (ms):-1
  Process id: 1144
14:31:59.427  Error: Unable to access jarfile /home/runner/.sonar/cache/d5653c126135ff7d09813343eecfaa5f971529fd7e75aa30085a33bd426a5c6c/sonar-scanner-engine-shaded-10.7.0.96327-all.jar
Unhandled exception. System.IO.IOException: Pipe is broken.
   at System.IO.Pipes.PipeStream.CheckWriteOperations()
   at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder)
   at System.IO.StreamWriter.Dispose(Boolean disposing)
   at System.IO.TextWriter.Dispose()
   at SonarScanner.MSBuild.Common.ProcessRunner.Execute(ProcessRunnerArguments runnerArgs)
   at SonarScanner.MSBuild.Shim.SonarEngineWrapper.Execute(ProcessRunnerArguments args)
   at SonarScanner.MSBuild.Shim.SonarEngineWrapper.Execute(AnalysisConfig config, String standardInput, IAnalysisPropertyProvider userCmdLineArguments)
   at SonarScanner.MSBuild.PostProcessor.PostProcessor.InvokeScannerEngine(IAnalysisPropertyProvider cmdLineArgs, AnalysisConfig config, ScannerEngineInput input)
   at SonarScanner.MSBuild.PostProcessor.PostProcessor.Execute(String[] args, AnalysisConfig config, IBuildSettings settings)
   at SonarScanner.MSBuild.BootstrapperClass.PostProcess()
   at SonarScanner.MSBuild.BootstrapperClass.Execute()
   at SonarScanner.MSBuild.Program.Execute(String[] args, IRuntime runtime)
   at SonarScanner.MSBuild.Program.Main(String[] args)
   at SonarScanner.MSBuild.Program.<Main>(String[] args)

This is from .Net application. Hope this one helps you.

This looks like it might be failing for the same reason than what was described in this post Dotnet sonarscanner 10.4.1 Unable to access jarfile - #4 by Martin_Strecker. Please make sure, the cache directory you can set in the begin step via /d:sonar.userHome=/some/persisted/folder is pointing to a folder that is persisted between the begin and end step.

Our begin step is something like:

- name: Sonar Analysis Begin
      shell: bash
      run: |
        inclusions="**/*"
        if [ -n "${{ inputs.working-directory }}" ] && [ "${{ inputs.working-directory }}" != "." ]; then
          inclusions="${{ inputs.working-directory }}/**/*"
        fi

        # If it is executing in the latest tag, set the branch name to the default branch
        if [ "${{ inputs.ref-type }}" == "tag" ] && [ "${{ inputs.current-ref }}" == "${{ inputs.latest-tag }}" ]; then
          branch_param="/d:sonar.branch.name=${{ inputs.default-branch }}"
        else
          branch_param=""
        fi

        dotnet sonarscanner begin \
          /k:"${{ inputs.sonar-key }}" \
          /n:"${{ inputs.application-name }}" \
          /v:"${{ inputs.project-version }}" \
          /d:sonar.scanner.scanAll=true \
          /d:sonar.token="${{ inputs.sonar-token }}" \
          /d:sonar.host.url="${{ inputs.sonar-host-url }}" \
          /d:sonar.projectCreation.mainBranchName="${{ github.event.repository.default_branch }}" \
          /d:sonar.cs.opencover.reportsPaths="${{ inputs.working-directory }}/**/TestResults/**/coverage.opencover.xml" \
          /d:sonar.inclusions="$inclusions" \
          /d:sonar.exclusions="**/coverage.opencover.xml,**/TestResults/**" \
          /d:sonar.scanner.skipJreProvisioning=true \
          /d:sonar.dependencyCheck.htmlReportPath="${{ inputs.working-directory }}/TestResults/dependency-check-report.html" \
          /d:sonar.dependencyCheck.jsonReportPath="${{ inputs.working-directory }}/TestResults/dependency-check-report.json" \
          /d:sonar.dependencyCheck.summarize=true \
          /d:sonar.dependencyCheck.securityHotspot=true \
          $branch_param \
          /d:sonar.qualitygate.wait=true

And end:

steps:
    - name: Install SonarScanner for .NET
      shell: bash
      run: |
        dotnet tool install --global dotnet-sonarscanner

    - name: Run scanner for .NET
      shell: bash
      run: dotnet sonarscanner end /d:sonar.token="${{ inputs.sonar-token }}"

Can you please provide a bit more details:

• Which CI system do you use (GitHub Actions, Azure Devops, Jenkins, etc.)
• How are Install SonarScanner for .NET, Sonar Analysis Begin and Run scanner for .NET related to each other. Are they in different stages? It is enough to post the hierarchy like so
  • jobs
    • Job 1
      • runs-on: ubuntu-latest
      • steps
        • Install SonarScanner for .NET
        • Sonar Analysis Begin
        • Build the project
        • Run scanner for .NET